UBA : User Accessing Risky IP Anonymization
The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.
UBA : User Accessing Risky IP Anonymization (previously called X-Force® Risky IP, Anonymization)
Enabled by default
False
Description
This rule detect when a local user or host is connecting to an external anonymization service.
Support rules
- X-Force Risky IP, Anonymization
- BB:UBA : Common Event Filters
Required configuration
- Set "Enable X-Force Threat Intelligence Feed" to Yes in .
- Enable the following rule: X-Force Risky IP Anonymization.
Log source types
All supported log sources.